Skip to content

Base

Jump to bottom
Bastien Abadie edited this page Apr 26, 2019 · 3 revisions

A few common arguments and concepts are used by all TaskBoot commands

Target

TaskBoot cannot do much by itself, it needs some external code (your project!) to build Docker images. We'll call it the target.

You can specify an existing source code directory by using the --target=path/to/code argument for any command.

It can be useful in several cases:

  • if you need to perform one or more operations before running taskboot on the source code (building some dependencies for the docker images, etc.)
  • while developing taskboot itself to speed-up runtime and avoid retrieving an external project

Example

Here is an example task payload to manually clone your repository, run a custom Python command, and then execute taskboot:

payload:
  image: mozilla/taskboot:latest
  command:
    - "/bin/sh"
    - "-lcxe"
    - "git clone ${repository} /code &&
       cd /code &&
       git checkout ${head_rev} &&
       python run_some_build_command.py &&
       taskboot --target /code build --tag myproject Dockerfile

Git repository

In most cases you want Taskboot to work on your Git repository, at a specific revision.

You can use the following arguments instead of --target to let Taskboot automatically clone and checkout your project's revision:

  • --git-repository=https://github.com/my-project/my-repo.git or set the environment variable GIT_REPOSITORY
  • --git-revision=deadbeef123 or set the environment variable GIT_REVISION (defaults to master)

⚠️ Only public repositories are supported for now.

Example

Here is a full example supporting the multiple events provided by taskcluster-github integration, cloning your repository at the correct revision for pull request and various pushes.

tasks:
  $let:
    head_rev:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.head.sha}
      else:
        $if: 'tasks_for == "github-push"'
        then: ${event.after}
        else: ${event.release.tag_name}

    repository:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.head.repo.html_url}
      else: ${event.repository.html_url}
  in:
    - payload:
        image: mozilla/taskboot:latest
        env:
          GIT_REPOSITORY: ${repository}
          GIT_REVISION: ${head_rev}
        command:
          - taskboot
          - build
          - Dockerfile

Configuration

Taskboot can use a minimal configuration file, mostly used to store credentials that we do not want to expose as CLI args, especially in Taskcluster tasks (remember it is world readable...)

Format

The configuration file only supports docker registry credentials for now, in this simple format:

docker:
  registry: registry.hub.docker.com
  repository: my-project/my-repo
  username: XXX
  password: YYY

From a local file

It should only be used when developing Taskboot itself, or testing your project's workflows.

By using the option --config=path/to/config.yml, you can provide a local file to Taskboot, using the above format.

💥 Avoid using this option with Taskcluster or you'll leak your secrets.

From a Taskcluster secret

You can safely use Taskcluster secrets to store your credentials, by configuring taskcluster-proxy on your task.

Specify the secret path to Taskboot using one of these methods:

  • Common cli arg --secret=path/to/secret
  • Environment variable TASKCLUSTER_SECRET

Here is an example payload of a task building a docker image and pushing it on a repository:

payload:
  features:
    taskclusterProxy: true
  maxRunTime: 3600
  image: mozilla/taskboot:latest
  env:
    GIT_REPOSITORY: ${repository}
    GIT_REVISION: ${head_rev}
    TASKCLUSTER_SECRET: path/to/my/secret
  command:
    - taskboot
    - build
    - --tag
    - my-project:latest
    - --push

Cache

The img tool uses a folder to store the different Docker layers needed to build images. By setting that folder to a shared cache across workers, we can speed up significantly image build times.

Taskcluster offers a cache feature, to enable it on your tasks, you will need the following:

  • Choose a unique name for your cache (we'll use my-project-cache here)
  • Add the cache scope to your task in .taskcluster.yml: for our example it will be docker-worker:cache:my-project-cache
  • Declare the cache path in the task's container, by adding the cache in the task payload:
payload:
  ...
  cache:
    my-project-cache: /path/to/cache
  • Finally use the --cache option in your taskboot command: taskboot --cache=/path/to/cache build Dockerfile

You can view the cache usage Pull Request on bugbug where the average build time went from 1h+ to 10 minutes.

Clone this wiki locally